|
2931
|
8.2 |
HIGH
Network
|
-
|
-
|
deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not b…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-46509
|
2026-06-2 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2932
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled value…
|
CWE-79
CWE-918
Cross-site Scripting
Server-Side Request Forgery (SSRF)
|
CVE-2026-43979
|
2026-06-2 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2933
|
5.3 |
MEDIUM
Network
|
mermaid_project
|
mermaid
|
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies…
|
CWE-94
Code Injection
|
CVE-2026-41159
|
2026-06-2 03:38 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2934
|
4.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attacke…
|
CWE-863
Incorrect Authorization
|
CVE-2026-32906
|
2026-06-2 03:37 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2935
|
5.3 |
MEDIUM
Network
|
mermaid_project
|
mermaid
|
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, i…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-41150
|
2026-06-2 03:37 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2936
|
8.3 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without…
|
CWE-862
Missing Authorization
|
CVE-2026-32905
|
2026-06-2 03:36 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2937
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin comma…
|
CWE-863
Incorrect Authorization
|
CVE-2026-34507
|
2026-06-2 03:36 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2938
|
4.8 |
MEDIUM
Network
|
tp-link
|
tl-sg108pe_firmware
|
A stored
cross-site scripting (XSS) vulnerability has been identified in the web
management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM
configuration paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2026-34127
|
2026-06-2 03:35 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2939
|
9.9 |
CRITICAL
Network
|
yhirose
|
cpp-httplib
|
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header va…
|
CWE-93
CWE-444
CRLF Injection
HTTP Request Smuggling
|
CVE-2026-45372
|
2026-06-2 03:34 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2940
|
8.2 |
HIGH
Network
|
-
|
-
|
Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspac…
|
CWE-427
CWE-829
Uncontrolled Search Path Element
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-44358
|
2026-06-2 03:33 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
